We performed a comparison between PortSwigger Burp Suite Professional and Qualys Web Application Scanning based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."I am impressed with the tool's detailed analysis for penetration testing. AppScan can give only visibility, but it can't do the PT part. But the PortSwigger Burp Application can do both, and it gives much more visibility on the PT rating."
"It is a time-saver application."
"With the Extender Tab, if you know how to code then you can create a plugin and add it to Burp."
"We use the solution for vulnerability assessment in respect of the application and the sites."
"The feature that we have found most valuable is that it comes with pre-set configurations. They have a set of predefined options where you can pick one and start scanning. We also have the option of creating our own configurations, like how often do the applications need to be scanned."
"The extension that it provides with the community version for the skills mapping is excellent."
"The most valuable feature of PortSwigger Burp Suite Professional is the Burp Intruder tool."
"The intercepting feature is the most valuable."
"The most valuable feature is that we are able to scan the services and put credentials like a user ID password. We can verify the vulnerability level."
"It is a cloud-based solution, so it is easy to scale."
"The interface is user-friendly and easy to understand."
"It is a good product for website penetration testing to detect vulnerabilities."
"Its most valuable features are patch management, vulnerability management, and PCI compliance."
"This product is designed for easy scalability and can easily scale up without major challenges."
"We can do scanning and submit reports straight to the customers when there are new vulnerabilities, then tell them whether they are affected or not."
"Key features include: Cloud-based, so the installation is not so tedious. Easily deployed. Highly scalable. Comprehensive reporting."
"We'd like to have more integration potential across all versions of the product."
"BurpSuite has some issues regarding authentication with OAT tokens that need to be improved."
"The one feature that I would like to see in Burp is active scanning of REST based web services. A lot of organizations are providing APIs to access their services to support different business models like SaaS. Scanning these APIs is still a challenge for many security product companies."
"The number of false positives need to be reduced on the solution."
"The reporting needs to be improved; it is very bad."
"The initial setup is a bit complex."
"The pricing of the solution is quite high."
"There needs to be better documentation provided. Currently, we need to buy books, or we need to review online some use cases from other professionals who have been using the solution to find out their experience. It is not easy to find out how to properly do a security assessment."
"We procured around 110 licenses for Web Application Scanning, but we have issues running concurrent scans. I don't currently have the option to trigger scans for all 100-plus websites. The default limit is around 10 conference scans. It's not very scalable, to be honest, because of the limitation that they put on concurrent scans."
"Qualys Web Application Scanning is very complex to use, and its graphical interface is not very user-friendly."
"There should be better visibility into the application."
"The software’s pricing could be improved."
"The virus code updates are not frequent enough."
"The product's pricing could be better."
"Sometimes the response time is low because the handshake fails, and then you have to re-login and start again."
"The pricing does not seem to be competitive."
More PortSwigger Burp Suite Professional Pricing and Cost Advice →
More Qualys Web Application Scanning Pricing and Cost Advice →
PortSwigger Burp Suite Professional is ranked 9th in Application Security Tools with 57 reviews while Qualys Web Application Scanning is ranked 18th in Application Security Tools with 31 reviews. PortSwigger Burp Suite Professional is rated 8.6, while Qualys Web Application Scanning is rated 7.8. The top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". On the other hand, the top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and SonarQube, whereas Qualys Web Application Scanning is most compared with OWASP Zap, SonarQube, Veracode, Fortify WebInspect and Tenable.io Web Application Scanning. See our PortSwigger Burp Suite Professional vs. Qualys Web Application Scanning report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.